Friday, September 26, 2014

Shellshocked, Vectors, and Vulnerabilities.

So, the Shellshock vulnerability...

Yes, this one really is the biggest vulnerability to hit UNIX-like systems in decades.

Yes, it is in the wild now, and yes, it IS a major problem.

So yeah... you really do have to pay attention to this one. 

Briefly, many UNIX-like systems, including most Linux systems, Mac OSX, and many others, use, or at least have installed on them, a variant of a program called "bash' (the "Bourne Again SHell").

To say that it's one of the most widely used pieces of software in the world would be a dramatic understatement.

Recently, it has been discovered that most bash variants (and by the way, there are hundreds of them, if not thousands, extending back to 1989), when invoked with certain variables, can be forced to execute malicious code.

There are already patches available for many systems which will either fix or mitigate the problem, but there are literally millions of systems out there, and it will take a lot of time and effort to fix them.

There are also many systems which either can't be fixed for some reason or another, or whose owners don't even know that there is a problem.

These days, just about every piece of computing hardware out there that isn't an actual Windows server or PC,  runs a UNIX-like OS; and many of those have some variant of the software in question installed on them by default.  Even if it's not actively used on the system, many systems have it installed by default, and few bother to remove it.

Even if you don't run any UNIX-like boxes, your vendors, your partners, your bank, your power company, your... everything... runs them.

...Hell, your TV or stereo might be running linux these days, and your router probably is.

Do YOU know what operating system is running on every single piece of computing hardware in YOUR company? In every embedded system? In your printers, your photocopiers?

Also, because this vulnerability extends back so far, it's entirely possible... actually it's a damn near certainty... that the code containing the vulnerability in question has been reused in other software (including other shells not considered bash variants, and other entirely unrelated software); which may now also be vulnerable.

So, the gory details...

https://www.us-cert.gov/ncas/alerts/TA14-268A

Read the CERT link, then read this:

http://arstechnica.com/security/2014/09/bug-in-bash-shell-creates-big-security-hole-on-anything-with-nix-in-it/

And this;

http://arstechnica.com/security/2014/09/concern-over-bash-vulnerability-grows-as-exploit-reported-in-the-wild/

And if you want some technical depth, this:

http://www.troyhunt.com/2014/09/everything-you-need-to-know-about.html

I don't have much else to add about the vulnerability itself... but I do want to talk about a common problem with how people think of and respond to issues like this.

Confusing Vectors with Vulnerabilities.

I'm noticing a lot of folks out there seem to think that because they're not running a web server, or that they're not providing services to the internet, that they're not impacted by this vulnerability.

That is absolutely not the case.

It's very important to understand, the attack vector for this vulnerability is not JUST web services; that's just the most common and simplest way to exploit it remotely, and the first exploit seen.

This should be obvious, but any service that may pass unvalidated (or poorly validated) remote input to any external shell or command parser, is a potential point of compromise.

There are any number of common services that may do this, including DHCP and autoproxy config, various SSH configurations, various VPN services, some remote management or configuration services, GIT and other code and content management systems, various file sharing and syncing services, various media services, various backup and archive services...

Also remember the vulnerability applies to local command execution and local services as well, not just remote. This is a vulnerability in a core component of the operating environment, not just in any particular service.

Unlike most other operating systems, where an application or service might perform an external function for itself, or through a system API; because of UNIX-like systems fundamental architecture and long standing convention, almost any process might invoke and pass input to an external command parser or shell for almost any reason. When they do, it's usually the default shell for the system, or for the UID the process runs under, and often that default is bash.

Even if bash is not the default for a system or user, some processes may invoke bash explicitly, to avoid potential environment, syntax, or parsing errors (or simply because that's what the programmer was comfortable with).

Also, even if a process explicitly invokes a command parser or shell other than bash, it is common to find that bash has been aliased or linked to the command for the other shell. In many environments, running the command "sh" will in fact invoke a bash shell.

Finally, as I noted above, bash is so ubiquitous, and the code for it has been around so long; it's entirely likely that other shells and command parsers (and possibly other types of software as well) share this same vulnerability.

Again, these should be obvious, but it's surprising how easily we allow ourselves to overlook or forget the basics.

Don't assume you're safe just because you're not running a web server on the machine, or because the machine isn't providing services to the internet, or because you're " not using bash".

Address the vulnerability, not JUST the vector.

Thursday, September 25, 2014

The problem with "Wouldn't it be..." and "Wasn't it..."

Progressive ideas usually begin with:

"Wouldn't it be great if..." (progressives are generally theorists)

Ok, right there with you so far...


Conservative ideas usually begin with:

"Wasn't it great when..." (conservatives are generally empiricists)

Yup, that works for me too...


The complication is the next step, taken by both progressives and conservatives:

"Since that would be great, it is our moral obligation, to use the force of government to MAKE it that way"

... and that's where we part ways.


The problem, is that I believe I have no moral right to force MY personal beliefs, preferences, or ideas on anyone else (no matter how "great" or "right" they may be).

I also believe that we have a moral obligation to use the force of government as little as possible (even if doing so may be "for the greater good").


Of course, that's where the kicker hits, from both left and right...

"Since you oppose something which is great, and which is a moral obligation, you must either be stupid, or evil"

Wednesday, September 24, 2014

Salute silliness....

Ok... on the latte salute thing...

Seriously?

This, is what you want to make a thing out of?

Ok yes, the guy is commander in chief, has been for six years, and he SHOULD know the basics of military honors and courtesies by now. It was a MINOR gaffe.

But if the president hadn't returned the salute, all y'all who are bitching about the latte, would just be bitching about him not saluting instead... because of course, the point isn't what he actually did or didn't do... it's that he's "the bad guy".

And don't give me some garbage about disrespecting servicemembers, and how as a servicemember or veteran you're personally offended etc... etc...

That's bull.

He was attempting to acknowledge the salute, he just didn't know the proper form for the situation, and reflexively returned the salute without thinking.

This is not some giant issue of disrespect, to the Marine, the corps, servicemembers, or veterans. If anything, it's an embarrassment to HIM

Guess what... I've accidentally rendered salutes with something in my hand... and so has every other service member, ever.

I'm reasonably certain that everyone who has ever served more than a few months, has accidentally rendered a "coffee salute" or a "cola salute"...

...and in so doing, earned themselves a bit of pain, a moderate to severe amount of embarrassment, possibly an ass chewing, and likely a big dry cleaning bill.

I've also accidentally rendered a "sharpie" salute, a "wet paint brush" salute, and on several occasions "lubricant" salutes. I've even rendered more than a couple "briefcase in the face" salutes (and seen many more).

I have thankfully been spared the joys of the "firing pin in the eye" salute, the "m9 slide" salute, and the "field knife salute", but I have witnessed them.

And of course, there's the ultimate faux pas, the "grenade" salute (live, smoke, teargas, or otherwise)... which yes, has actually happened, many, many times (though I've never witnessed it, I have Army and Marine corps buddies who have).

In no case were my improperly rendered salutes disrespectful to the recipients; they were embarrassments to ME personally.

Saluting becomes such an ingrained reflex that it is totally automatic... it's muscle memory...  and you actually have to remember to stop yourself when you need to (for example, when you have a coffee cup in your hand). You also end up developing the habit (out of self defense if nothing else) of keeping your right hand free whenever possible, and of scanning other peoples right hands, to see if they're occupied or not.

In fact, it's one of the reasons I developed the habit of wearing my watch on my left wrist, and wearing no rings on my right hand, even though I'm right handed. I don't like having anything on my right hand, wrist, or forearm to grab or snag. When you need to wear a lanyard, a retention strap, a ground strap etc... (anything tied, strapped or clipped to your hand wrist, or forearm), you develop the habit of wearing it on your left when possible.

I've known commanders to have semi-official policies in their commands specifically NOT to salute  anyone in that command (or return salutes, no matter the rank) when they have certain things in or around their hands (drinks, POL, paints and solvents, open containers of any kind, sensitive electronics, weapons, ordnance etc...), specifically to avoid this sort of thing happening by reflex.

Obama has never served, he's never had the saluting rules drilled into him, nor has he ever developed the habit of keeping his right hand free when possible, and checking it before saluting.

So he made a minor gaffe.

... Oh that's leaving aside the fact that by the conventions of military courtesy, HE DOESN'T ACTUALLY HAVE TO RETURN THE SALUTE.

I keep saying, stop making this piddling stuff an issue... and YES IT IS PIDDLING STUFF. It just makes you... and by extension everyone associated with you... look petty and stupid.

There are plenty of good reasons to dislike Obama. There are plenty of REAL, important, BIG issues to raise hell over. The fact that he doesn't know when NOT to salute isn't one of them.

He's just started another shooting war for gods sake, and we're talking about COFFEE.

---

You can stop reading now if you like because I'm going to get into the obscurity of protocol etc... but the next bit might interest you...

__

So... What exactly is the proper rendering of military honors and courtesies in this situation?

That's not as simple as you might think... there are actually a rather large and complicated set of rules, regulations, conventions, and traditions; and they vary by service, circumstance, and occasion.

FIRST: The Personal martial salute, is an honor and a privilege, accorded only to those who serve, or have served, honorably. 

There are many formal and personal military honors and courtesies which may be accorded to individuals, entitled by their official status or position. There are even many different types of personal and formal honors which are considered salutes.

The personal martial salute is unique among them, in that it is a privilege only accorded those who serve, or have served, honorably; in the service of, or in command of, the Uniformed Services of the United States.

Uniformed service members in honorable standing, veterans in honorable standing, and under certain circumstances civilians in the military chain of command (The president {and former presidents in honorable standing}, any person currently exercising constitutional and statutory national command authority {this is not always the president. It may be the VP, Speaker of house etc..}, the secretary of defense and the service secretaries while acting in their statutory military command duties, and Ambassadors while exercising their ambassadorial rank and duties as the highest representative of the U.S. government within their accredited sovereign territory); are accorded personal military honors and courtesies, including the privilege of the personal martial salute.

By convention (though it is not absolutely required), unless diplomatic protocol supersedes, military honors and courtesies (including personal honors and courtesies such as the personal martial salute), are extended to equivalent persons of allied or friendly foreign powers (foreign heads of state, senior officers etc...); and may be accorded to those of honorable and lawful hostile powers.
Note: For many years, the honor and privilege of the personal martial salute, was not accorded to veterans or servicemembers out of uniform (except under certain special circumstances). A few years ago standards were revised to allow those not in uniform, who would otherwise be accorded the privilege of the salute; to do so when appropriate to the honor of the service, and the nation, at their own discretion. 
Appropriate times might generally be (but of course are not limited to): 
  1. At formal ceremonial events, retreats and reviles, service events, veterans events, commissioning or decommissioning and retirement ceremonies, funerals, memorials and the like.
  2. When making certain official or recognized oaths or pledges of honor or service. 
  3. When receiving certain official or recognized awards or honors.
  4. When it is appropriate to honor the colors, the service, or the nation (raising, lowering, commissioning, retiring, presentation, or formal parading of national, state, and certain ceremonial, official or service flags or "colors". Playing of the national anthem. Playing of the service song of ones service, or ones brother services).
The privilege of the personal martial salute, does NOT apply to government service civilians of assimilated rank (regardless of other personal or formal honors), unless they are otherwise accorded the privilege.

Although other government officials may be accorded formal military honors and courtesies, including some personal honors and courtesies, they are not accorded the privilege of the personal martial salute. By convention however, service members will often offer the personal martial salute to high government officials (VP, cabinet members, Speaker of the house, Senate majority leader, state governors, ambassadors, service secretaries etc...) on ceremonial occasions of greeting, or as a token of respect.

It is not appropriate for these officials to return the salute, unless they are otherwise accorded the privilege; though acknowledging the salute with a polite nod or personal salutation such as "Good Morning Sergeant" is courteous and appropriate.

SECOND: This unique honor and privilege can be stripped. It can also be restored.

Prisoners, confines, or detainees who have not been convicted of any crime which might bring dishonor on the service or the nation, (including lawful military combatant prisoners of war), are accorded the privilege of the personal martial salute.

The privilege of the personal martial salute is not accorded to any detainee, prisoner or confinee, who has been convicted of an offense against the honor of the service or the nation. If, on discharging all punishments and conditions of any sentence for such crimes; the servicemember is allowed to return to honorable service, or is dismissed, separated, or discharged from service under honorable conditions; they are once again accorded the privilege.

The privilege of the personal martial salute, is not accorded any service member, or veteran, currently in any other than honorable status or condition (including uncharacterised discharges, dismissals, and separations). This may also include servicemembers and veterans who are legitimately convicted in recognized civilian courts, of offenses which would bring dishonor on the service or the nation; unless they are through some action returned to honorable status (reversal of conviction, pardon, commutation with restoration of honorable status, petition for upgrade of discharge etc...).

Yes, if a veteran who was honorably discharged is convicted of a serious crime after they are discharged; even if the offense is in no way connected to their service or the military, they MAY be considered to be in an other than honorable condition, for purposes of military benefits, and military honors and courtesies.

This determination is by no means certain, and in general honorable status or condition can be restored after all penalties and conditions of any criminal sentences have been fulfilled or discharged (though this is also by no means certain).

THIRD: Saluting is required of and among, all members of the SEVEN Uniformed Services of the United States... but is never REQUIRED of Civilians. 

... Wait... SEVEN?

Yep, that's right, there are seven Uniformed Services of the United States, not just "the military" as most think of them.

  1. United States Army
  2. United States Marine Corps
  3. United States Navy
  4. United States Air Force
  5. United States Coast Guard
  6. United States Public Health Service Commissioned Corps
  7. National Oceanic and Atmospheric Administration Commissioned Officer Corps
As a courtesy, the privilege of the personal martial salute (and other personal military honors and courtesies) may be extended to the commissioned and warrant officers of the United States Maritime Service; however this is not required.

FOURTH: Who is required to salute, when?

Unless otherwise noted or excepted, all service members on duty, or in uniform; when outdoors, or traveling in or on vehicles (official, or personal if the servicemember is clearly visible), or horseback (but not vessels, which have their own special rules); are required to salute commissioned and warrant officers (and civilians accorded the privilege), upon meeting, or when entering or passing through their immediate presence or nearby line of sight (by convention, within range of a spoken conversation).

Unless otherwise noted or excepted, those of lower rank should first render the salute to those of higher rank(including the president, or person exercising national command authority or performing constitutional or statutory military command duties, but not other civilians), and should hold their salute until it is returned or otherwise acknowledged, or until the senior has left the juniors immediate presence or nearby line of site.

Enlisted personnel are not generally required to salute each other.

The services have varying rules and conventions about saluting when they are wearing headgear or not, whether they are under arms or not (carrying a weapon), whether they are under colors or not (carrying a flag, guidon, pennant etc..) and whether they salute while indoors or not (excepting when formally reporting or certain other formal interactions). They also have differing definitions and conventions about what is or is not considered indoors or outdoors.

To avoid excessive saluting; unless otherwise required (as listed below), it is the general convention in most services and commands, to only salute a higher ranking officer the first time one sees them for the duty day.

Certain formal interactions may require salutes to be rendered even when it would not otherwise be required to do so (either in general, or by specific exception as noted below).

These may include (depending on the customs of the service, and the command in question):
  1. Formally reporting to an officer or command (this may include saluting those of lower rank, if they are the commander of, or official designate for the officer or command being reported to).
  2. Formally relaying an order or command, or delivering a report or official communication, to an officer or command (or their designate).
  3. When acting as the leader or commander of a formation, detail, or other organized group of servicemembers; to render salutes and other honors and courtesies as appropriate. 
  4. Formally assuming, relieving, or being relieved of command or responsibility (whether temporarily or permanently), for a command, formation, detail, post or watch command, or other organization, or official or formal command duty.
  5. Formally assuming, relieving, or being relieved of certain other official or formal non-command, "non-line" or "outside of normal chain of command", responsibilities or duties 
  6. Formally assuming, relieving, or being relieved of custody or responsibility for certain items and materials such as keys, badges, codebooks and codekeys, classified documents, and other such items of sensitivity or importance
  7. Formally assuming, relieving, or being relieved of a guard or sentry post or duty.
  8. Formally assuming, relieving, or being relieved of custody of, or responsibility for, a prisoner. detainee, or confinee (including lawful or unlawful foreign combatants); or any formation or group thereof.
  9. Formally assuming, relieving, or being relieved of custody of or responsibility for a "color", "honor", or other ceremonial item or duty.
  10. Awarding, presenting, officially citing, or receiving; military, diplomatic, governmental, or other officially recognized citations, honors, or awards (medals and commendations for example)
  11. Formally rendering military, diplomatic, or other recognized honors and courtesies.
  12. Formally participating in the swearing or affirming, of certain oaths or affirmations.
  13. Participation in official commissioning, decommissioning, retirement, discharge, separation, and other similar events and ceremonies. 
  14. Participation in courts martial, administrative or command disciplinary or investigative actions, or activities thereunto.
  15. When legal, political, or diplomatic protocols, require that formal or personal military honors and courtesies, or other specific saluting practices, protocols or conventions be observed.
  16. When lawful orders, command policies, or service conventions and traditions; require that formal or personal military honors and courtesies, or other specific saluting practices, protocols or conventions be observed.
Except in certain formal interactions such as above, those of higher ranks (particularly very senior officers) are not absolutely required to return the properly rendered salutes of lower ranks; though they should generally make every reasonable and appropriate effort to do so.

No matter the rank or circumstance, if at all possible, any properly rendered salute, honor, or courtesy, from anyone accorded the privilege; should be returned or acknowledged with appropriate respect and courtesy.

That said, the higher the rank, and the greater the rank differential; the greater consideration given of the seniors time and attention.

The servicemembers who salute the most aren't privates... they rarely see or interact with senior officers; they're colonels and generals. Almost everyone they see, all day, every day, has to salute them, and many of those salutes have to be returned.

Many, but not all... generals would spend all their times doing nothing but, if they were always required to return every salute.

If a general is busy, rushing out of his chopper, and has his briefcase in his right hand, and his left on the bird, he's not expected to stop, swap hands, and salute the airmen manning the stairs. He might... and he might not... and honestly, nobody gives a damn either way.

It is the custom of all the services, that recipients of the medal of honor, whether in uniform or not, are to be rendered the personal martial salute first, by all those accorded the privilege, regardless of rank (including the president, if a veteran, or at his own discretion if not). They are only required to return the salute (as per regulations and conventions of the service) if they are on duty, or in uniform; though as with all accorded the privilege, they should acknowledge salutes with appropriate respect and courtesy.

It is also the custom of all the services, that all proper salutes rendered by recipients of the medal of honor, to those on duty, or in uniform; be returned with an appropriate personal martial salute, regardless of rank (excepting those not accorded the privilege, such as prisoners; and under the exceptions noted below).

FIFTH: Depending on the customs and conventions of each particular service or command, servicemembers are generally not required to render or return a salute if:

  1. On duty, but in civilian clothing, and not otherwise required to salute as above (servicemembers may serve in roles allowing or requiring them to wear civilian clothing while on duty. In these circumstances they may salute if appropriate, but are not generally required to do so except certain formal circumstances as noted above).
  2. Engaged in routine work, duties, or activities (playing sports, physical exercise etc...); whether on or off duty, in or out of uniform; where doing so would unduly interfere or cause a safety hazard
  3. In a public non-military place, or at a public event, outside of a military context (church, non-military social functions, theaters, sporting events, in public or mass transport, etc...), even if such places or events are owned, operated, controlled, or administered by the military.
  4. In a public or group gathering, such as a meeting, and not otherwise required by specific convention or regulation to salute (as you would when delivering a formal report)
  5. Acting as a member of, but not leading, a formation or detail (unless so commanded)
  6. The act of saluting would block or impede safe and free movement through a portal or passage (one should safely clear the portal or passage, then salute if required)
  7. Their hands are required for a railing, line, handgrip, or otherwise for safety or movement
  8. Their hands are full, and their right hand cannot be conveniently and safely be cleared; UNLESS what they're full of is a "signal" (signal flags, whistles or other visual or audible signaling devices which can be used to render a salute) a "color" (an official or ceremonial flag, pennant, guidon, standard, baton, or other official or ceremonial symbol of command, office or authority) a weapon (in which case the appropriate personal martial salute should be rendered, if safe and appropriate to do so), or other item which can be used to properly render a personal martial salute (there are literally hundreds of possible items and salutes). 
  9. Following a lawful command, order, or policy, to not salute, or to follow specific saluting practices and conventions.
  10. Required to follow legal or diplomatic protocol superseding military protocol, which would render a salute improper or inappropriate.
  11. Doing so would cause the servicemember to present an unmilitary or unprofessional appearance; would appear to or actually be disrespectful, discourteous, insolent, or mocking; or might otherwise be prejudicial to good order and discipline (for example, if a servicemember were on duty, but in costume as santa claus). 
  12. Doing so would otherwise be unsafe, unreasonable, or inappropriate
If any service member, regardless of rank, is for any reason unable to render or return a salute when it would otherwise be appropriate or required (or if any person is rendered a salute when they are not accorded the honor and privilege to return it); they should acknowledge the salute (or the presence or passage of the individual due the courtesy) with appropriate respect and courtesy.

Conventionally, this consists of a polite nod, and optionally (STRONGLY recommended for juniors acknowledging seniors) offering a verbal salutation (by rank, rank and name, or rank name and title or honorific) if and as appropriate i.e. "Good Morning Sergeant", "Good afternoon General Banks Sir", "Good evening Mr. President" etc...

Uhh... yeah... that's... a lot of stuff... 

Yes... yes it is... and I'm pretty sure I'm missing or forgetting some stuff, or never knew it, and couldn't immediately find it in the standard manuals and references (I did check before writing this).

It get's REALLY complicated when you are dealing with joint service, and international joint service situations... Remembering who salutes what, where, when, and how... or doesn't; when there's officers of varying, possibly unfamiliar rank, from 28 different nations, plus their corresponding diplomats and elected officials... it's really not very fun.

There are literally entire military and diplomatic career fields who figure out nothing but this stuff...

Honestly though, most servicemembers don't need to know most of this stuff most of the time... there's 5-8 basic rules (depending on the service), a few reasonable exceptions, and some well known traditions and conventions; with the servicemembers expected to always do their best to behave in appropriate, professional, courteous, respectful, and military manner.

Much as it seems, the military doesn't ALWAYS treat everyone below the rank of Colonel, as if they were a particularly stupid child with behavioral problems... Just most of the time.

So... Back to Obama and what he should have done?

By general convention, exiting a vehicle, descending a stair, and with a cup in his hand; the president should not have returned the salute by hand.

As I noted above, when it is reasonable and appropriate to do so, anyone accorded the privilege should try to appropriately and properly return any salute properly rendered them; however, a senior officer is generally not expected or required to stop what they are doing, clear their hand, and return a salute rendered to them by a junior officer or enlisted man.

It is a nice courtesy if they do, but it's not offensive or disrespectful not to.

It is entirely appropriate to acknowledge a salute with a respectful nod, and optionally an appropriate verbal salutation.

So he shouldn't have saluted; he should have nodded, and if he had time, said "Good morning Sergeant" or something similar.

After reviewing... or more likely skimming... all the protocol above... it's really not quite so simple huh?

Not exactly surprising that someone who doesn't the proper saluting protocol and habits drilled into them for thousands and thousands of hours; and who is extremely busy, and has a lot on their mind; gets it wrong now and again?

Understand... I'm not defending Obama... I don't have to, because in this, he requires no defense.

He's just initiated another shooting war, and we're talking about lattes?

How do you defend that?

Tuesday, September 23, 2014

Pilot Season reviews, part 1: "Scorpion" and "Madam Secretary"

So we started watching the timeshifted pilots tonight... mixed bag thus far.


Scorpion:

Interesting premise if done well, interesting characters if written and handled properly, cast may be a bit hit or miss, but it's hard to tell because...

...Unfortunately, the writing and direction has the worst case of "pilotitis" I've ever seen. Nothing but quick cuts, bang bang go go, no regard for plausibility, nothing but smash bang yell smash bang...

It's Bayhem, done badly.

And I quote...
Bobby: Dear gods, their writers are idiots 
Chris: No Bobby... their technical consultants are idiots. Good technical consultants could have made this work. People who know aviation, communications, security, computers and networks. 
...Well, that or the showrunner just ignored the tech geeks while they screamed "dear god no, that's incredibly stupid, you just can not do that". 
Bobby: ...Chris... 
Chris: Yes Bobby? 
Bobby: Why aren't we working in Hollywood as technical consultants? 
Chris: Because we'd be homicidal within minutes.
And:
Bobby: Hmm... Scorpion might actually be good... as a drinking game.


I sincerely hope that this level of crapitude was because for the pilot, the plot, and the details, were effectively "lorem impsum BOOM!!!", so that idiot network execs to get interested in the show.

I will bet money that the elevator pitch... or at least the first line in the script coverage... on this was "It's 24, meets "Criminal Minds", meets "The big Bang Theory".

We'll give it a couple episodes, see how it does in the initial order.


Madam Secretary:

Another elevator pitch show: "It's "Zero Dark Thirty", meets "The West Wing", meets "Scandal", but the lead is a hot blonde, with a hot college professor husband, who has sexy students.

... and it's BLOODY AWFUL. 

Basically, everything is wrong. The cast should be great... nope. The writing is simultaneously mundane and melodramatic. The cinematography, sound design, and production design are entirely wrong... The show looks, feels, and sounds wrong.

Tea Leone demonstrates all the animation and expression of a somewhat wobbly block of pleasantly shaped wood. Every character (or performance) seems to be from a slightly (or dramatically) different show than every other character.

Stay away... stay far away.

Pilot Season... Give it a little time...

It's TV premier season, and this year has a lot of reasonably ambitious pilots, some of which show some potential for being great, but are going to take some establishing before they get good... if they get good: Gotham, The Flash, Constantine, Forever, Scorpion etc...

So, what happens if you see the pilot, and really WANT to like the show, but the pilot is only "Meh"?

...or worse, it's really close to like... halfway great, but there are a few things which subtract from it to make it either "meh" (Agents of Shield anyone?), or a couple specific things which really turn you off?

Let me just say... give it time...

Don't dismiss something which has the potential to be great, just because they didn't get it right at first.

There are a lot of shows that are now considered all time greats, where the first half season wasn't great, but they found their feet in the second half.

Actually, in some cases like "Cheers", ST:TNG, or "Buffy the Vampire Slayer" even the whole first season was not great, but the networks or production companies trusted the shows enough to renew.

Unfortunately, that almost never happens anymore, because networks don't stay long behind a low rated show... Hell, they'll pull a moderately rated show after 3 episodes if they were expecting higher and have a decent replacement prepped. Sometimes though they'll give a full season pickup pre-air, and the show starts mediocre, but they'll let it run through the whole season to find it's feet.

First thing is to remember, it's just a pilot.

For a pilot, the production values, and shooting scripts... even the characters, and cast in some cases... may be significantly different from the initial pickup shows. You can't really tell from the pilot what the final product is going to look like. If you like the concept and the characters, you've got to give it at least 3 episodes.

If after 3 episodes, you're still in the "Man, I want to like this show, but they're just not quite there" zone, you have to remember those 3 episodes were all written and produced before airing. In fact, the first 6, 8, or even 10 or 12 episodes will have been produced before the pilot is ever aired (though not usually 12... 6 would be common). This means they haven't really seen what the show is doing in front of a real audience yet, and they haven't had a chance to make adjustments.

Sometimes, particularly if it's a production values problem, the show will get better over time because the initial production order was on a lower budget, and the next 3 or 6 will be better.

This is particularly true of higher budget long lead time shows, with a lot of postproduction work... I.E. science fiction, fantasy, and adventure shows like the ones I mention above. They have a much longer lead time, with more episodes in the pipeline simultaneously, so it takes them longer to adjust to the audience reactions.

Also remember, this is the age of six channel multi-terabyte DVRs, streaming services, and bittorrent.

If after 3 episodes you till like the concept and the characters, but not enough to watch every week, or there's still a couple things that turn you off, wait a while, then come back.

If the show doesn't get a full season pickup, then you don't need to bother.

If it gets picked up, let the previously filmed episodes burn off, then watch the first episode filmed after the pickup. If they have the details fixed by then, you can go back and fill in.

... and of course, there's always bingewatching in the winter hiatus, or after it shows up on netflix.

Wednesday, September 10, 2014

The Scout Rifle is Officially Dead

Sooo... yeah...

This is the "new product" Ruger has been teasing for the past few weeks:




Ruger Gunsite Scout Rifle Now Available In 5.56 NATO

"Sturm, Ruger & Co., Inc. (NYSE: RGR) is proud to announce that the Ruger® Gunsite Scout Rifle is now chambered in 5.56 NATO. This newest version of the Gunsite Scout Rifle features a hybrid chamber that shoots both 5.56 NATO and .223 Rem. accurately and safely. The rifle weighs approximately 7.1 lbs., features a 16.1", 1/2-28 threaded barrel with a 1:8 twist rate, offers controlled round feed and is shipped with a 10-round detachable box magazine. 
"This is a natural extension of the Gunsite Scout Rifle line," said Gunsite Instructor Ed Head, one of the contributors to the original Ruger Gunsite Scout Rifle design. "Being chambered in a lower cost, universally available caliber, and with the Ruger reputation for reliability and accuracy, this is another serious rifle for those serious about rifles," he added."

Ok so lessee here...
  1. Not actually a new product
  2. It utterly bastardizes and defeats the purpose of the entire concept of the scout rifle
  3. It is that particular concept which is supposed to make the weapon desirable and useful
  4. Which even then, is flawed at best.
Straight up, it's not a scout rifle.

Why?

Because it's in 5.56.

By definition, a scout rifle cannot be in 5.56

Why not?

...and why do I say the entire concept is flawed at best?

What Is A Scout Rifle?

Col Coopers (actually Eric Chings, but Cooper was it's biggest proponent for decades) concept of the scout rifle, is a light, handy rifle in a useful chambering, and designed, optimized, built, and accessorized, to be useful for all purposes in the woods or bush, described thusly:

Quote:
"Let us attempt it by declaring that a general-purpose rifle is a conveniently portable, individually operated firearm, capable of striking a single decisive blow, on a live target of up to 200 kilos in weight, at any distance at which the operator can shoot with the precision necessary to place a shot in a vital area of the target."
and further specified as follows:
  1. In a chambering sufficient to take thin and medium skinned game of up to 200 kilos at up to 300 yards, and which is commonly available to civilians (.308/7.62 nato is the exemplar)
  2. Weight: 3 kilos including "all accessories" but no ammo.
  3. Length: Max 1 meter (39")
  4. Telescopic sight: an intermediate eye relief of low power, generally 1.5-3x. This scope is mounted forward of the magazine.
  5. Generally the stocks will be synthetic
  6. Scout barrels will be short and light (approx. 19".)
  7. Actions:
    • Bolt
    • two-lug, ninety-degree rotation
    • Mauser style claw extractor and positive ejector
    • Bolt knob should be round and smooth
    • Safety should disconnect trigger mechanism and should work from front to rear.
    • Magazine: should protect the points of soft-pointed spitzer bullets
    • The action should offer some built in aperture sight.
    • Magazine cutoff.
    • Trigger: smooth, clean break at 3 lb.
  8. Accessories: Flush sling sockets, rounded heel of the butt, butt magazine, either cuff style or built in, some form of retractable bipod.
So, why is it Not a Scout rifle?

The very first part of the definition of a scout rifle is that it be in a chambering that is useful on thin and medium skinned game of up to 200 kilos, at any range which the rifleman may usefully make a shot, which is roughed out to about 300 yards.

5.56 nato is NOT useful on ANY game of up to 200 kilos... except of course human beings... at ANY range; thus, by definition, a scout rifle cannot be chambered in 5.56 nato.

Ruger can call this a scout rifle all they want... It doesn't make it so.

So... What's that you said about a "Flawed Concept"?

This is the part where I put on my flame retardant suit, for the defenders of the scout rifle concept are few, but rabid.

Now, before I said that the concept was flawed at best, what did I mean by that?

There is exactly one thing which differentiates the scout rifle concept, from any other handy rifle of useful chambering.

That one thing, is the forward mounted long eye relief scope of low magnification.

... and it's not that great an idea.

The point of the forward mounted LER scope is to facilitate fast mounting and snapshooting in a flushing or self defense against dangerous game situation; and secondarily to leave the magwell unobstructed (or at least mostly unobstructed), for topping off magazines and clearing jams quickly.

That's fine... it's a decent set of requirements for a bush rifle, and for a self defense rifle.

But the forward mount LER scope, is simply not the optimal solution for the given requirements.

There is nothing a low magnification forward mount LER scope can do, that cannot be done better in every way by a modern holographic or red dot sight.

Modern red dots are compact enough that they need not be fully forward mounted... in fact some are so small that they can be mounted on the rear receiver ring, where the rear scope base would otherwise be mounted.

Red dots have very large sighting aperture, and are effectively eye relief and parallax free, allowing for faster mounting and target acquisition than any scope type optic. This allows for faster and more accurate snap shots, without compromising accuracy out to 200 or 300 meters. They are also available with magnifiers which may be quickly folded out of the way or removed, for up to 3x magnification.

Importantly, as they have no parallax, and no specific eye relief requirement, they can be mounted wherever the user feels most comfortable.

Most importantly, they are far more durable, damage resistant, and useful after being subjected to abuse and to mud, rain, dusty conditions etc... than any conventional scope type optic.

Of course, in the time that the scout rifle was conceived and refined, zero parallax holographic, reflex, and other "red dot" type sites, were either junk, or expensive toys for shotgun and.22 pistol spacegunners. They were not the reliable, tough, well developed sighting systems we have today.

With apologies to the late, great, Colonel Cooper; the scout rifle, is officially dead.

Friday, September 05, 2014

"Three billion dollars per year, and homelessness continues to soar?"




Except homelessness doesn't "continue to soar".

The quote is from an article on PovertyInsights.org, "Is the US Government Wasting Money on Homelessness".

Their conclusion by the by is "Yes, but we should do more anyway".

.. and I agree with them, we should do more. Not SPEND more... actually DO more. In fact, we should probably spend less... we should just do it more effectively and efficiently.

Homelessness isn't "continuing to soar"

... which, by the by, the linked article actually does admit, though not in direct language. The tag line is meant as an attention grabber.

There IS a problem, and it should be addressed, in the most effective way we can.

That's where things get complicated.

By most measures long term homelessness is stable or declining, and short term homelessness is declining again, as it has been since the early 90s (excepting several year to year spikes and dips from 2006 through 2012).

The first thing, is that homelessness has actually never been near what the "homeless advocates" said, because they were inflating the numbers in a desperate attempt to get people to pay attention, and to get at least somewhere near enough funding for the real problem they actually had.

They multiplied way beyond worst case numbers, by other way beyond worst case numbers, added a fudge factor for "things we can't measure and people we're missing"; then multiplied that number based on the cities with the worst problems, by every city in America, as if they all had similar demographics.

Were they deliberately lying? No... at least they never thought of it as that. They simply assumed that the problem was worse than they could prove, and that they'd better inflate the actual provable numbers just to make sure. It's a common issue with do-gooder-ism.

Basically, it's all the worst problems of unrepresentative sampling, combined in one issue.

If the problem ever had been near that bad, it would have meant a dozen homeless men on every corner in every city in America.

But that's what they needed to do, just to see the few dollars at the pointy end that they eventually got; because that's how political funding works in this country.

This is not to say there are no homeless in America, or that both short and long term homelessness are not issues we should address.

There are without doubt massive shortfalls in funding to prevent, and aid in the recovery and return to normalcy of the short term homeless. They have spiked over the last few years since 2006, because of the housing and financial collapses and their aftermath, and the stagnant economy. That has been normalizing since 2010, or at least 2012 even by the worst numbers (though some urban areas are exceptions, and are getting worse for various reasons. Tucson, Las Vegas, some cities in Florida, San Francisco). We still don't have enough money at the pointy end to help those who need help.

The long term homeless population is down from where it was in the 80s and 90s (long term homelessness in the united states is believed to have peaked around 1987 to 1989 - some say as late as 1992 - and began trending significantly downward between 1992 and 1995), though it's still a problem.

Unfortunately, this isn't really because our efforts to improve the situation have been effective. It's more because the large populations of mentally ill that we turned out on the streets from 1978 to 1988 as we "reformed" and defunded our state mental health systems, have largely died; and because the spike of serious drug addiction in this country from 1974 to 1994, peaking from 1986 to 1991 with the "crack epidemic" has largely subsided to its pre 1970 levels (those addicts have also largely died).

The real problem with long term homelessness in this country is a problem with our mental health system, and how we treat substance abuse and addiction. The vast majority of the long term homeless are seriously mentally ill, long term substance abusers, or both.

The other major problem, is that no matter how much funding we allocate at the state or federal level, it gets swallowed up in the bureaucracies, and the inefficiency of the system. Most of the benefit never reaches the street.

That isn't to say the people at the pointy end aren't trying to do their best, they are... it's just that the system prevents it.

The piece linked states that the federal government spends approximately $3 billion to "help the homeless" every year. The states and municipalities combined spend something like 4 times times that (based on the commonly bandied number that about 20% of the dollars for the homeless come from the feds). That's about 15 billion.

There's about 1 million homeless in the country according to the article (best numbers I've seen say 800,000, but that's close enough to 1 million that I'll give it to them).

15 billion, divided by 1 million is $15,000.

If we were EFFICIENTLY and EFFECTIVELY spending $15,000 per homeless person in this country, there wouldn't BE any measurable homeless population.

Everyone who was homeless, would have a roof, a bed, enough food, and basic medical care.

The problem is that, if we're lucky, $0.20 of each of those dollars actually ends up having any direct benefit to the homeless. The rest gets eaten up in the layers and layers of bureaucracy, and "oversight", and planning, and all the other myriad ways that government spending ends up being consumed.

You know who does most of the feeding, clothing, and housing of the homeless in this country?

Two organizations: The Church of Jesus Christ of Latter Day Saints (Mormons), and the Catholic Church.

Oh and of course all the many local churches and charitable organizations (most of them religious in nature) that run homeless shelters, food banks, soup kitchens, free clinics, and outreach programs.

How much do they spend on the problem?

No-one knows for sure and estimates vary widely. The St. Vincent DePaul society, the largest society of the Catholic church providing direct aid to the poor, spends about $700 million annually overall in The U.S. on direct aid. About 1/3 of that is explicitly in aid to the homeless, so something like $200 or $250 million. The LDS church spends something similar, and all other churches in the U.S. combined, also spend about that much (this just on the homeless, not in all aid to the poor. That number is four or five times as much).

Let's round up and call it about a billion total. That's actual money hitting the street directly by the by, not total donations for the homeless, or total funds allocated by the leadership.

So... that's what a billion, used efficiently and effectively, can do, for a million people.

Wonder what they could do with $15 billion more?

Monday, September 01, 2014

PATCO, and the REST of the story...

Ahhh... the joys of growing up in a political family...

So, a number of memes and infographics regarding Reagan, and the PATCO strike of August 1981, have been circulating around blogs and social media the last few weeks. Most are just your basic meme fodder; shallow, not remotely accurate junk... But even among those who know something of the story, it seems that very few really understand the larger picture and context of what happened there and why... and how it relates to the Reagan years as a whole.

What you have to understand, is that as much as people remember them as the "Reagan Revolution" years; in fact, the entire 80s and into the early 90s (summer of 1992 to be precise) were essentially a wonderfully corrupt bargain between the Democrats and Republicans.

People mostly think of it as a time when "Reagan cut taxes", and increased spending on the military, which did in fact happen; but that's less than half the story.

The other half, is how Reagan and the republicans managed to get most of that pushed through a democrat dominated congress, relatively easily.

The answer is actually pretty simple...

For every dollar of new spending initiated by Reagan and the republicans, the Democratic majority under Tip O'Neill, initiated (depending on the year) from 1.2 to 1.8 dollars of new spending...which the Republican minority then generally offered only token ACTUAL opposition to, or even actively helped to pass.

Of course they made a great deal of rhetorical noise, but when it came down to money on the table, the bills got passed, and Reagan signed them.

What it boiled down to, was that for the most part (with a few notable exceptions) Reagan and the republicans could spend as much as they wanted on what they ACTUALLY wanted; so long as the republicans didn't actually meaningfully try to stop O'Neill and the dems, from spending as much as THEY really wanted on whatever THEY really wanted.

... note how I am repeating "really" and "actually" several times here. That's important. Rhetoric was one thing, reality was another thing entirely.

Most of the big, loud, noisy spending fights you may remember from the mid and late 80s were, shall we say... full of sound and fury, signifying nothing. Most of the time, the minority and majority leadership had worked out what was going to pass, how much was going to be spent, and what if any amendments would be allowed, before anything ever hit the floor, or even got out of committee. The rest of the show was just electioneering and fundraising.

Under this cozy modus vivendi, Reps and Dems could pursue "red meat" issues, and pay back favors for their respective sides, while at the same time acting as each others boogeymen; so each side could look good for their base, get out the vote, work up the faithful, and raise a lot of money.

It was a near perfect system for the parties... Not so much for the people of course, but great for the DNC and RNC.

The mid 80s through mid 90s, were when semi-permanent single party incumbency for most seats became not just the rule (it had been such for many districts since the war already), but the near certainty; both sides making sure that everyone who played for the team, stayed with the team; and anyone thought to be leaving the reservation was replaced with someone who would keep the game going according to plan.

Pretty much the only time an incumbent lost their seat was when they had to be replaced with a more compliant congresscritter; or when they had screwed up bad enough, and botched the spin on the screwup bad enough, that they had to be sacrificed to protect the rest of congress from further investigation into bad behavior (Rostenkowski anyone?).

Oh... actually there was one other exception... The last of the southern ideological realignments.

The south and west voted overwhelmingly democrat up until 1960, and most states still voted majority democrat excepting for president, up until the late 70s or early 80s (the first time the south voted entirely majority Republican, both for president and for new congresscritters, was 1984).

From 1960 on, the south started voting more republican, and the north started voting more democrat. This pattern accelerated dramatically in 1968, 1972, and 1976 with an explicit southern strategy being followed by Republicans to unseat southern democrats; and then a mass turnover of 35 seats in the 1980 election, with the "Reagan revolution" (which was pretty much entirely reversed in 1982 by the way, and the democrat majority was never actually under threat).

After the 1976, and particularly after the 1980 elections, most of the less powerful and shorter serving southern democrats, and pretty much all the northeastern Republicans outside of a few upper class all white districts (the Rockefeller districts basically), were out. Those remaining, generally had safe overwhelmingly urban and university districts;  a powerful machine behind them (missouri for example); were independently wealthy and very popular at home; had a very high national profile; or had a great deal of power in congress (or some combination thereof).

Over the years from 1976 to 1996, almost all of those old line southern democrats died, retired, resigned, moved over to the senate, or switched to the republican party.

During most of those years (particularly from '82 to '92), there was a tentative and tacit understanding, that when the democrats vacated a southern seat that wasn't a safe dem seat, or was demographically trending Republican, so long as it didn't greatly impact the leadership balance or threaten the majority, the party would not fight too hard for it (there were exceptions of course, particular when a states governor or statehouse were dem controlled). The RNC would then hand pick one of their guys who they wanted to be a congressman, put enough money and talent behind him to make a show of it, and the dems would run a no-hoper (an old guy, a lefty woman, a nobody local party ticket puncher, a radical lefty etc...) against him (and yes, it was always a him).

This soft and largely unspoken arrangement worked out to everyones benefit... Or at least to congress and the governments benefit. Again, not so much for the people.

Which brings us back to the original subject...

The PATCO strike was just another one of those red meat issues.

On the one hand, Reagan got to make a big show of being "strong" on domestic issues early in his presidency, and firmly stake out the conspicuously "anti-left" position.

On the other hand, the democrats and the AFL/CIO (who had wanted to bring PATCO to heel since it's formation in 1968) got to pay PATCO back for generally not falling into line with the rest of labor and  specifically for supporting Reagan, and dropping support for some democratic congressional candidates in the 1980 election (and by the way, to explicitly strongarm the Teamsters - who had voted with PATCO - back into line as well); without actually being seen to be against a union (and in fact, to loudly "support" that same union, while helping to ensure it's destruction).

And of course, they both got to posture and grandstand, rallying the base and raising money.

Hell, it's 2014, and the Democrats are STILL raising money and support off the "union busting" of the PATCO strike.

So, democrats, union people... in case you didn't know, it wasn't actually Reagan that busted PATCO, it was Tip O'neill, and the AFL-CIO (who by the way OFFICIALLY crossed the PATCO picket line, and encouraged workers to scab).

Both "sides" (there's really only one side in washington... the government side. We the people don't even rate a side... we're just the floor) got exactly what they wanted, and neither sides ACTUAL vital interests or powerbases were threatened.

Was it a "big conspiracy"?

No, not at all...

It was just a few hundred people, who liked their jobs, acting in their own best interests in trying to keep them. It was basic political economics.